As generated by AppGini 5.95

app/admin/getUsers.php

@@ -1,5 +1,5 @@
 <?php
-// This script and data application were generated by AppGini 5.93
+// This script and data application were generated by AppGini 5.95
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 /*

app/admin/incFunctions.php

@@ -41,7 +41,7 @@
 		html_attr_tags_ok($str) -- same as html_attr, but allowing HTML tags
 		Notification() -- class for providing a standardized html notifications functionality
 		sendmail($mail) -- sends an email using PHPMailer as specified in the assoc array $mail( ['to', 'name', 'subject', 'message', 'debug'] ) and returns true on success or an error message on failure
-		safe_html($str) -- sanitize HTML strings, and apply nl2br() to non-HTML ones
+		safe_html($str, $noBr = false) -- sanitize HTML strings, and apply nl2br() to non-HTML ones (unless optional 2nd param is passed as true)
 		get_tables_info($skip_authentication = false) -- retrieves table properties as a 2D assoc array ['table_name' => ['prop1' => 'val', ..], ..]
 		getLoggedMemberID() -- returns memberID of logged member. If no login, returns anonymous memberID
 		getLoggedGroupID() -- returns groupID of logged member, or anonymous groupID
@@ -76,6 +76,8 @@
 		guessMySQLDateTime($dt) -- if $dt is not already a mysql date/datetime, use mysql_datetime() to convert then return mysql date/datetime. Returns false if $dt invalid or couldn't be detected.
 		pkGivenLookupText($val, $tn, $lookupField, $falseIfNotFound) -- returns corresponding PK value for given $val which is the textual lookup value for given $lookupField in given $tn table. If $val has no corresponding PK value, $val is returned as-is, unless $falseIfNotFound is set to true, in which case false is returned.
 		userCanImport() -- returns true if user (or his group) can import CSV files (through the permission set in the group page in the admin area).
+		bgStyleToClass($html) -- replaces bg color 'style' attr with a class to prevent style loss on xss cleanup.
+		assocArrFilter($arr, $func) -- filters provided array using provided callback function. The callback receives 2 params ($key, $value) and should return a boolean.
 	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 	*/
 	########################################################################
@@ -1633,14 +1635,50 @@ public static function show($options = []) {
 		}
 	}
 	#########################################################
+	function addMailRecipients(&$pm, $recipients, $type = 'to') {
+		if(empty($recipients)) return;
+
+		switch(strtolower($type)) {
+			case 'cc':
+				$func = [$pm, 'addCC'];
+				break;
+			case 'bcc':
+				$func = [$pm, 'addBCC'];
+				break;
+			case 'to':
+				$func = [$pm, 'addAddress'];
+				break;
+		}
+
+		// if recipients is a str, arrayify it!
+		if(is_string($recipients)) $recipients = [[$recipients]];
+		if(!is_array($recipients)) return;
+
+		// if recipients is an array, loop thru and add emails/names
+		foreach ($recipients as $rcpt) {
+			// if rcpt is string, add as email
+			if(is_string($rcpt) && isEmail($rcpt))
+				call_user_func_array($func, [$rcpt]);
+
+			// else if rcpt is array [email, name], or just [email]
+			elseif(is_array($rcpt) && isEmail($rcpt[0]))
+				call_user_func_array($func, [$rcpt[0], empty($rcpt[1]) ? '' : $rcpt[1]]);
+		}
+	}
+	#########################################################
 	function sendmail($mail) {
-		if(!isset($mail['to'])) return 'No recipient defined';
-		if(!isEmail($mail['to'])) return 'Invalid recipient email';
+		if(empty($mail['to'])) return 'No recipient defined';
+
+		// convert legacy 'to' and 'name' to new format [[to, name]]
+		if(is_string($mail['to']))
+			$mail['to'] = [
+				[
+					$mail['to'], 
+					empty($mail['name']) ? '' : $mail['name']
+				]
+			];
 
-		$mail['subject'] = isset($mail['subject']) ? $mail['subject'] : '';
-		$mail['message'] = isset($mail['message']) ? $mail['message'] : '';
-		$mail['name'] = isset($mail['name']) ? $mail['name'] : '';
-		$mail['debug'] = isset($mail['debug']) ? min(4, max(0, intval($mail['debug']))) : 0;
+		if(!isEmail($mail['to'][0][0])) return 'Invalid recipient email';
 
 		$cfg = config('adminConfig');
 		$smtp = ($cfg['mail_function'] == 'smtp');
@@ -1656,7 +1694,7 @@ function sendmail($mail) {
 
 		if($smtp) {
 			$pm->isSMTP();
-			$pm->SMTPDebug = $mail['debug'];
+			$pm->SMTPDebug = isset($mail['debug']) ? min(4, max(0, intval($mail['debug']))) : 0;
 			$pm->Debugoutput = 'html';
 			$pm->Host = $cfg['smtp_server'];
 			$pm->Port = $cfg['smtp_port'];
@@ -1667,15 +1705,26 @@ function sendmail($mail) {
 		}
 
 		$pm->setFrom($cfg['senderEmail'], $cfg['senderName']);
-		$pm->addAddress($mail['to'], $mail['name']);
-		$pm->Subject = $mail['subject'];
+		$pm->Subject = isset($mail['subject']) ? $mail['subject'] : '';
+
+		// handle recipients
+		addMailRecipients($pm, $mail['to']);
+		if(!empty($mail['cc'])) addMailRecipients($pm, $mail['cc'], 'cc');
+		if(!empty($mail['bcc'])) addMailRecipients($pm, $mail['bcc'], 'bcc');
 
 		/* if message already contains html tags, don't apply nl2br */
+		$mail['message'] = isset($mail['message']) ? $mail['message'] : '';
 		if($mail['message'] == strip_tags($mail['message']))
 			$mail['message'] = nl2br($mail['message']);
 
 		$pm->msgHTML($mail['message'], realpath("{$curr_dir}/.."));
 
+		/*
+		 * pass 'tag' as-is if provided in $mail .. 
+		 * this is useful for passing any desired values to sendmail_handler
+		 */
+		if(!empty($mail['tag'])) $pm->tag = $mail['tag'];
+
 		/* if sendmail_handler(&$pm) is defined (in hooks/__global.php) */
 		if(function_exists('sendmail_handler')) sendmail_handler($pm);
 
@@ -1684,13 +1733,12 @@ function sendmail($mail) {
 		return true;
 	}
 	#########################################################
-	function safe_html($str) {
+	function safe_html($str, $noBr = false) {
 		/* if $str has no HTML tags, apply nl2br */
-		if($str == strip_tags($str)) return nl2br($str);
+		if($str == strip_tags($str)) return $noBr ? $str : nl2br($str);
 
 		$hc = new CI_Input(datalist_db_encoding);
-
-		return $hc->xss_clean($str);
+		return $hc->xss_clean(bgStyleToClass($str));
 	}
 	#########################################################
 	function getLoggedGroupID() {
@@ -2436,3 +2484,23 @@ function getUploadDir($dir) {
 
 		return rtrim($dir, '\\/') . '/';
 	}
+	#########################################################
+	function bgStyleToClass($html) {
+		return preg_replace(
+			'/ style="background-color: rgb\((\d+), (\d+), (\d+)\);"/',
+			' class="nicedit-bg" data-nicedit_r="$1" data-nicedit_g="$2" data-nicedit_b="$3"',
+			$html
+		);
+	}
+	#########################################################
+	function assocArrFilter($arr, $func) {
+		if(!is_array($arr) || !count($arr)) return $arr;
+		if(!is_callable($func)) return false;
+
+		$filtered = [];
+		foreach ($arr as $key => $value)
+			if(call_user_func_array($func, [$key, $value]) === true)
+				$filtered[$key] = $value;
+
+		return $filtered;
+	}

app/admin/pageRebuildFields.php

@@ -28,6 +28,9 @@ function prepare_def($def) {
 		/* make sure there is always a space before mysql words */
 		$def = preg_replace('/(\S)(unsigned|not null|binary|zerofill|auto_increment|default)/i', '$1 $2', $def);
 
+		/* ignore 'not null' for auto_increment fields */
+		$def = preg_replace('/\s+not\s+null\s+(.*?)\s+auto_increment/i', ' $1 auto_increment', $def);
+
 		/* treat 0.000.. same as 0 */
 		$def = preg_replace('/([0-9])*\.0+/', '$1', $def);
 
@@ -179,7 +182,7 @@ function fix_field($fix_table, $fix_field, $schema, &$qry) {
 
 	<tbody>
 	<?php foreach($schema as $tn => $fields) { ?>
-		<tr class="text-info"><td colspan="5"><h4 data-placement="left" data-toggle="tooltip" title="<?php echo str_replace ( "<TABLENAME>" , $tn , $Translation['table name title']) ; ?>"><i class="glyphicon glyphicon-th-list"></i> <?php echo $table_captions[$tn]; ?></h4></td></tr>
+		<tr class="text-info"><td colspan="5"><h4 data-placement="auto top" data-toggle="tooltip" title="<?php echo str_replace ( "<TABLENAME>" , $tn , $Translation['table name title']) ; ?>"><i class="glyphicon glyphicon-th-list"></i> <?php echo $table_captions[$tn]; ?></h4></td></tr>
 		<?php foreach($fields as $fn => $fd) { ?>
 			<?php $diff = ((prepare_def($fd['appgini']) == prepare_def($fd['db'])) ? false : true); ?>
 			<?php $no_db = ($fd['db'] ? false : true); ?>
@@ -190,9 +193,9 @@ function fix_field($fix_table, $fix_field, $schema, &$qry) {
 				<td class="<?php echo ($diff ? 'bold text-danger' : ''); ?>"><?php echo thisOr("<samp>{$fd['db']}</samp>", $Translation['does not exist']); ?></td>
 				<td>
 					<?php if($diff && $no_db) { ?>
-						<a href="pageRebuildFields.php?t=<?php echo $tn; ?>&f=<?php echo $fn; ?>" class="btn btn-success btn-xs btn_create" data-toggle="tooltip" data-placement="top" title="<?php echo $Translation['create field'] ; ?>"><i class="glyphicon glyphicon-plus"></i> <?php echo $Translation['create it'] ; ?></a>
+						<a href="pageRebuildFields.php?t=<?php echo $tn; ?>&f=<?php echo $fn; ?>" class="btn btn-success btn-xs btn_create" data-toggle="tooltip" data-placement="auto top" title="<?php echo $Translation['create field'] ; ?>"><i class="glyphicon glyphicon-plus"></i> <?php echo $Translation['create it'] ; ?></a>
 					<?php } elseif($diff) { ?>
-						<a href="pageRebuildFields.php?t=<?php echo $tn; ?>&f=<?php echo $fn; ?>" class="btn btn-warning btn-xs btn_update" data-toggle="tooltip" title="<?php echo $Translation['fix field'] ; ?>"><i class="glyphicon glyphicon-cog"></i> <?php echo $Translation['fix it'] ; ?></a>
+						<a href="pageRebuildFields.php?t=<?php echo $tn; ?>&f=<?php echo $fn; ?>" class="btn btn-warning btn-xs btn_update" data-toggle="tooltip" data-placement="auto top" title="<?php echo $Translation['fix field'] ; ?>"><i class="glyphicon glyphicon-cog"></i> <?php echo $Translation['fix it'] ; ?></a>
 					<?php } ?>
 				</td>
 			</tr>
@@ -204,7 +207,7 @@ function fix_field($fix_table, $fix_field, $schema, &$qry) {
 
 <style>
 	.bold{ font-weight: bold; }
-	[data-toggle="tooltip"]{ display: block !important; }
+	[data-toggle="tooltip"]{ display: inline-block !important; }
 </style>
 
 <script>

app/admin/pageServerStatus.php

@@ -1,6 +1,6 @@
 <?php
-	$appgini_version = '5.93.1128';
-	$generated_ts = '19/1/2021 8:35:40 PM';
+	$appgini_version = '5.95.1136';
+	$generated_ts = '28/3/2021 6:47:57 PM';
 
 	$currDir = dirname(__FILE__);
 	require("{$currDir}/incCommon.php");

app/admin/pageViewGroups.php

@@ -75,7 +75,7 @@
 				?>
 				<tr>
 					<td><a href="pageEditGroup.php?groupID=<?php echo $row[0]; ?>"><?php echo $row[1]; ?></a></td>
-					<td><?php echo thisOr($row[2]); ?></td>
+					<td><?php echo htmlspecialchars(thisOr($row[2])); ?></td>
 					<td class="text-right"><?php echo $groupMembersCount; ?></td>
 					<td class="text-center">
 						<a href="pageEditGroup.php?groupID=<?php echo $row[0]; ?>" title="<?php echo $Translation['Edit group']; ?>"><i class="glyphicon glyphicon-pencil"></i></a>

app/admin/pageViewRecords.php

@@ -6,14 +6,14 @@
 
 	// process search
 	$memberID = new Request('memberID', 'strtolower');
-	$groupID = max(0, intval($_GET['groupID']));
+	$groupID = max(0, intval($_REQUEST['groupID']));
 	$tableName = new Request('tableName');
-	$page = max(1, intval($_GET['page']));
+	$page = max(1, intval($_REQUEST['page']));
 	$where = [];
 
 	// process sort
-	$sortDir = ($_GET['sortDir'] == 'DESC' ? 'DESC' : '');
-	$sort = makeSafe($_GET['sort']);
+	$sortDir = ($_REQUEST['sortDir'] == 'DESC' ? 'DESC' : '');
+	$sort = makeSafe($_REQUEST['sort']);
 	if($sort != 'dateAdded' && $sort != 'dateUpdated') { // default sort is newly created first
 		$sort = 'dateAdded';
 		$sortDir = 'DESC';
@@ -83,8 +83,8 @@
 						?>
 						<span class="hspacer-md"></span>
 						<?php
-							$arrFields=array('desc', '');
-							$arrFieldCaptions = array( $Translation['newer first'] , $Translation['older first'] );
+							$arrFields = ['DESC', ''];
+							$arrFieldCaptions = [$Translation['newer first'], $Translation['older first']];
 							echo htmlSelect('sortDir', $arrFields, $arrFieldCaptions, $sortDir);
 						?>
 					</div>
@@ -98,8 +98,8 @@
 		<tr>
 			<th>&nbsp;</td>
 			<th><?php echo $Translation['username'] ; ?></th>
-			<th><?php echo $Translation["group"] ; ?></th>
-			<th><?php echo $Translation["table"] ; ?></th>
+			<th><?php echo $Translation['group'] ; ?></th>
+			<th><?php echo $Translation['table'] ; ?></th>
 			<th><?php echo $Translation['created'] ; ?></th>
 			<th><?php echo $Translation['modified'] ; ?></th>
 			<th><?php echo $Translation['data'] ; ?></th>

app/ajax_combo.php

@@ -1,5 +1,5 @@
 <?php
-// This script and data application were generated by AppGini 5.93
+// This script and data application were generated by AppGini 5.95
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 /*

app/applicants_and_tenants_autofill.php

@@ -1,5 +1,5 @@
 <?php
-// This script and data application were generated by AppGini 5.93
+// This script and data application were generated by AppGini 5.95
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 	$currDir = dirname(__FILE__);

app/applicants_and_tenants_dml.php

@@ -2,7 +2,7 @@
 
 // Data functions (insert, update, delete, form) for table applicants_and_tenants
 
-// This script and data application were generated by AppGini 5.93
+// This script and data application were generated by AppGini 5.95
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 function applicants_and_tenants_insert(&$error_message = '') {
@@ -361,8 +361,7 @@ function applicants_and_tenants_form($selected_id = '', $AllowUpdate = 1, $Allow
 		$combo_driver_license_state->SelectedData = $row['driver_license_state'];
 		$combo_status->SelectedData = $row['status'];
 		$urow = $row; /* unsanitized data */
-		$hc = new CI_Input(datalist_db_encoding);
-		$row = $hc->xss_clean($row); /* sanitize data */
+		$row = array_map('safe_html', $row);
 	} else {
 		$combo_driver_license_state->SelectedText = ( $_REQUEST['FilterField'][1] == '8' && $_REQUEST['FilterOperator'][1] == '<=>' ? $_REQUEST['FilterValue'][1] : '');
 		$combo_status->SelectedText = ( $_REQUEST['FilterField'][1] == '13' && $_REQUEST['FilterOperator'][1] == '<=>' ? $_REQUEST['FilterValue'][1] : 'Applicant');
@@ -460,7 +459,7 @@ function applicants_and_tenants_form($selected_id = '', $AllowUpdate = 1, $Allow
 		}
 
 		// if user has insert permission to parent table of a lookup field, put an add new button
-		if($pt_perm['insert'] && !$_REQUEST['Embedded']) {
+		if($pt_perm['insert'] /* && !$_REQUEST['Embedded']*/) {
 			$templateCode = str_replace("<%%ADDNEW({$ptfc[0]})%%>", '<button type="button" class="btn btn-success add_new_parent hspacer-md" id="' . $ptfc[0] . '_add_new" title="' . html_attr($Translation['Add New'] . ' ' . $ptfc[1]) . '"><i class="glyphicon glyphicon-plus-sign"></i></button>', $templateCode);
 		}
 	}

app/applicants_and_tenants_view.php

@@ -1,5 +1,5 @@
 <?php
-// This script and data application were generated by AppGini 5.93
+// This script and data application were generated by AppGini 5.95
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 	$currDir = dirname(__FILE__);

app/applications_leases_autofill.php

@@ -1,5 +1,5 @@
 <?php
-// This script and data application were generated by AppGini 5.93
+// This script and data application were generated by AppGini 5.95
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 	$currDir = dirname(__FILE__);

app/applications_leases_dml.php

@@ -2,7 +2,7 @@
 
 // Data functions (insert, update, delete, form) for table applications_leases
 
-// This script and data application were generated by AppGini 5.93
+// This script and data application were generated by AppGini 5.95
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 function applications_leases_insert(&$error_message = '') {
@@ -371,8 +371,7 @@ function applications_leases_form($selected_id = '', $AllowUpdate = 1, $AllowIns
 		$combo_next_due_date->DefaultDate = $row['next_due_date'];
 		$combo_security_deposit_date->DefaultDate = $row['security_deposit_date'];
 		$urow = $row; /* unsanitized data */
-		$hc = new CI_Input(datalist_db_encoding);
-		$row = $hc->xss_clean($row); /* sanitize data */
+		$row = array_map('safe_html', $row);
 	} else {
 		$combo_tenants->SelectedData = $filterer_tenants;
 		$combo_status->SelectedText = ( $_REQUEST['FilterField'][1] == '3' && $_REQUEST['FilterOperator'][1] == '<=>' ? $_REQUEST['FilterValue'][1] : 'Application');
@@ -765,7 +764,7 @@ function unit_reload__RAND__(filterer_property) {
 		}
 
 		// if user has insert permission to parent table of a lookup field, put an add new button
-		if($pt_perm['insert'] && !$_REQUEST['Embedded']) {
+		if($pt_perm['insert'] /* && !$_REQUEST['Embedded']*/) {
 			$templateCode = str_replace("<%%ADDNEW({$ptfc[0]})%%>", '<button type="button" class="btn btn-success add_new_parent hspacer-md" id="' . $ptfc[0] . '_add_new" title="' . html_attr($Translation['Add New'] . ' ' . $ptfc[1]) . '"><i class="glyphicon glyphicon-plus-sign"></i></button>', $templateCode);
 		}
 	}
@@ -833,13 +832,13 @@ function unit_reload__RAND__(filterer_property) {
 		if($dvprint || (!$AllowUpdate && !$AllowInsert)) {
 			$templateCode = str_replace('<%%VALUE(emergency_contact)%%>', safe_html($urow['emergency_contact']), $templateCode);
 		} else {
-			$templateCode = str_replace('<%%VALUE(emergency_contact)%%>', html_attr($row['emergency_contact']), $templateCode);
+			$templateCode = str_replace('<%%VALUE(emergency_contact)%%>', safe_html($urow['emergency_contact'], true), $templateCode);
 		}
 		$templateCode = str_replace('<%%URLVALUE(emergency_contact)%%>', urlencode($urow['emergency_contact']), $templateCode);
 		if($dvprint || (!$AllowUpdate && !$AllowInsert)) {
 			$templateCode = str_replace('<%%VALUE(co_signer_details)%%>', safe_html($urow['co_signer_details']), $templateCode);
 		} else {
-			$templateCode = str_replace('<%%VALUE(co_signer_details)%%>', html_attr($row['co_signer_details']), $templateCode);
+			$templateCode = str_replace('<%%VALUE(co_signer_details)%%>', safe_html($urow['co_signer_details'], true), $templateCode);
 		}
 		$templateCode = str_replace('<%%URLVALUE(co_signer_details)%%>', urlencode($urow['co_signer_details']), $templateCode);
 		if($AllowUpdate || $AllowInsert) {

app/applications_leases_view.php

@@ -1,5 +1,5 @@
 <?php
-// This script and data application were generated by AppGini 5.93
+// This script and data application were generated by AppGini 5.95
 // Download AppGini for free from https://bigprof.com/appgini/download/
 
 	$currDir = dirname(__FILE__);